From juice jacking to bluebugging: How to protect your mobile devices and data from cyberattacks

OTHER THREATS, AND PREVENTIVE MEASURES

CSA and the police also warned of rogue Wi-Fi access points – unauthorised and set up without the knowledge or consent of a network administrator or owner.

In what is dubbed an “evil twin” attack, the rogue Wi-Fi access point will masquerade as a legitimate one with the same name and security settings.

Once users connect their mobile devices to this rogue network, cybercriminals can intercept and steal data or credentials.

To avoid falling victim to such attacks, users are advised to avoid using public Wi-Fi networks for sensitive activities such as online banking. Or, a virtual private network (VPN) can be used to encrypt network traffic and protect important data, said the agencies.

Users should also disable automatic Wi-Fi connections on their mobile devices.

Cybercriminals can also use file-sharing functions – such as AirDrop on iPhones and Nearby Share on Android devices – to infect devices in the vicinity with malware, or gain access to data and perform unauthorised transfers, CSA and the police said.

The agencies advised users to disable file-sharing functions on their devices when not in use, to prevent cybercriminals from exploiting them for such malicious purposes. 

Users can also configure file-sharing settings to only allow discovery by contacts, to reduce the risk of unauthorised access.

CSA and SPF then pointed to “bluebugging” attacks, which allow cybercriminals to gain access to user devices through a detectable Bluetooth connection.

Attackers can steal information and possibly install malware when devices are compromised this way.

The advice from the agencies was to disable a device’s Bluetooth function when not in use. Users should also set their devices to “non-discoverable” mode.

GENERAL TIPS

CSA and SPF suggested the following measures for users to safeguard mobile devices and data within:

  • Keep the device operating system and applications updated with the latest security patches and fixes
  • Download and install anti-virus applications onto the device, keep it updated and perform regular scans
  • Only download applications from the official Google Play Store for Android devices and Apple’s App Store for those on the iOS operating system
  • Use a strong and unique password or passcode to protect the device from unauthorised access
  • Do not click on suspicious links or attachments and visit websites from trusted sources only

Victims of cybercrime are encouraged to report incidents to the Singapore Computer Emergency Response Team or SingCERT.